refabr1k/oscp_notes

Exploits/Tools/Cheatsheets

Exploit | OS | Link
--- | --- | ---
CVE-2017-7269 | Windows | here
Kernel 2.2.4 PrivEsc (ptrace kmod) | Linux | here
Kernel 2.6.37 Full Nelson | Linux | here
MS08-067 Python Reverse Shell | Windows | here
MS10-015 KiTrap0D | Windows | here
MS11-046 afd privesc | Windows | here
MS13-053 NTUserMessageCall | Windows | here
MS14-058 HttpFileServer 2.3 RCE (CVE-2014-6287) | Windows | here
MS15-051 ClientCopyImage | Windows | here
MS16-032 drivers eop | Windows | here
MS16-135 win32k | Windows | here
MS17-010 eternalblue | Windows | here
Mod SSL 2.8.7 OpenSSL Exploit (openfuckV2.c) | Linux | here

Tools

Onetwopunch - wrapper for unicornscan and nmap scan

source: https://raw.githubusercontent.com/superkojiman/onetwopunch/master/onetwopunch.sh

Scan for open ports with unicornscan (very fast) and chain the results into an nmap scan with the vuln NSE scripts.

  1. Ping sweep for online hosts and write the live IPs to a list. A plain grep for "Up" would keep the whole "Host: ... Status: Up" line, so the IP is cut out with awk:
     nmap -v -sn 10.11.1.1-254 -oG all-hosts.txt
     grep 'Status: Up' all-hosts.txt | awk '{print $2}' > online-hosts.txt

  2. Download the onetwopunch script:
     wget https://raw.githubusercontent.com/superkojiman/onetwopunch/master/onetwopunch.sh

  3. Run the script with the nmap -sV option:
     ./scripts/onetwopunch.sh -t online-hosts.txt -p all -i tap0 -n -sV

  4. Once complete, navigate to the output folder "ndir" and convert every .xml report to HTML:
     for x in *.xml; do xsltproc "$x" -o "${x%.xml}.html"; done
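A small POSIX sh helper for steps 1 and 4, added here as an example (it is not part of the onetwopunch project or of these notes): it pulls the Up hosts out of nmap grepable output without catching comment lines, Down hosts, duplicates or a hostname that merely contains "Up", and converts the XML reports with a glob instead of parsing ls. The grepable sample is constructed, and the "ndir" default directory is assumed from step 4.

```shell
#!/bin/sh
# Constructed sample of nmap -oG output (what step 1 writes to all-hosts.txt).
SAMPLE_GREPABLE='# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -v -sn -oG all-hosts.txt 10.11.1.1-254
Host: 10.11.1.5 ()	Status: Up
Host: 10.11.1.7 (files.lab.local)	Status: Up
Host: 10.11.1.9 (Uplink-sw.lab.local)	Status: Down
Host: 10.11.1.7 (files.lab.local)	Status: Up
Host: 10.11.1.20 ()	Status: Up
# Nmap done at Mon Jan  1 00:00:05 2024 -- 254 IP addresses (3 hosts up) scanned in 5.00 seconds'

# Print one IPv4 address per line for every host nmap marked "Status: Up".
# Reads grepable output on stdin; ignores "# Nmap" comment lines and Down hosts
# (even when the hostname contains "Up"), keeps only dotted quads and drops
# duplicates while preserving first-seen order.
up_hosts() {
    awk '
        /^Host:/ && /Status: Up/ {
            ip = $2
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in seen)) {
                seen[ip] = 1
                print ip
            }
        }'
}

# Convert every nmap XML report under a directory (default: ndir, as in step 4)
# to HTML with xsltproc. The glob is iterated directly, so file names with
# spaces survive and an empty directory is reported instead of passing the
# literal "*.xml" to xsltproc.
xml_to_html() {
    dir="${1:-ndir}"
    for x in "$dir"/*.xml; do
        [ -e "$x" ] || { echo "no .xml reports in $dir" >&2; return 1; }
        xsltproc "$x" -o "${x%.xml}.html"
    done
}

# Demo on the constructed sample: prints 10.11.1.5, 10.11.1.7 and 10.11.1.20.
printf '%s\n' "$SAMPLE_GREPABLE" | up_hosts
```

The output of up_hosts is the one-IP-per-line list that onetwopunch's -t option expects in step 3.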

Droopescan - drupal scanner

source: https://github.com/droope/droopescan

git clone https://github.com/droope/droopescan.git
cd droopescan
pip install -r requirements.txt
droopescan scan drupal -u https://10.11.1.49

Samba Checker - checks for samba version

Checks Samba version as enum4linux messed up? Thanks fellow student OS-40285/rewardone

./samba_checker.sh <ipaddress> <port>

About

cheatsheets and exploit code/scripts
